fastnetmon: T4553: Allow to configure ban_time instead of 1900s default value

2 files changed, 16 insertions, 1 deletions

diff --git a/data/templates/ids/fastnetmon.j2 b/data/templates/ids/fastnetmon.j2
index c482002fa..e095b0786 100644
--- a/data/templates/ids/fastnetmon.j2
+++ b/data/templates/ids/fastnetmon.j2
@@ -15,7 +15,9 @@ ban_details_records_count = 500
 
 ## How long (in seconds) we should keep an IP in blocked state
 ## If you set 0 here it completely disables unban capability
-ban_time = 1900
+{% if ban_time is vyos_defined %}
+ban_time = {{ ban_time }}
+{% endif %}
 
 # Check if the attack is still active, before triggering an unban callback with this option
 # If the attack is still active, check each run of the unban watchdog
diff --git a/interface-definitions/service-ids-ddos-protection.xml.in b/interface-definitions/service-ids-ddos-protection.xml.in
index 5e65d3106..135fa2ffa 100644
--- a/interface-definitions/service-ids-ddos-protection.xml.in
+++ b/interface-definitions/service-ids-ddos-protection.xml.in
@@ -18,6 +18,19 @@
                   <help>Path to fastnetmon alert script</help>
                 </properties>
               </leafNode>
+              <leafNode name="ban-time">
+                <properties>
+                  <help>Time to ban (in seconds) an ip</help>
+                  <valueHelp>
+                    <format>u32:0-4294967294</format>
+                    <description>Time to ban (in seconds) an ip</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 0-4294967294"/>
+                  </constraint>
+                </properties>
+                <defaultValue>1900</defaultValue>
+              </leafNode>
               <leafNode name="direction">
                 <properties>
                   <help>Direction for processing traffic</help>